Thank you! I never would have been able to figure this out on my own.
I would like to suggest another way, one that will not need to edit the router nor any computer. This is my setup at home.
- Get a low-end PC for your LAN, install Linux.
- Set up a DNS server, a DHCP server and a proxy.
- Fine-tune what you want to filter, lists are available online.
- Disable your router's DHCP server.
Voilà! No need to edit anything else on your LAN, all equipment will work, you bypass your router settings and your internet provider surveillance. By doing so, you also want to set up your DNS server to something other than Google if you value anonymity.
It does take time to set up everything, clearly. But once it's up and running, you just forget it's there.
Even better, set your DNS up as recursive and cache everything from authoritative servers, bypass all those public DNS servers entirely.
@nadtz Nice one!
Yup, you can have security or convenience. Usually not both at the same time. 👍
@supremerulah420 Well, my setup provides security and convenience.
It's a one-time hassle, and it's done. :)
@YorranKlees Hence the word "usually" 😊
Thanks bro.. this is a must in our days.. Keep moving 😉
That's pretty good. Some routers have firmware in which there is a built-in option for a family network, and there can also be a restriction. But with my firmware I have to enter every single site I want to ban and with your help I think it will be much easier to restrict. Thanks 👍
You always find the most helpful tips - Thanks
Hej thanks for the video! I'm a new subscriber. You have a very good channel with news, tips, and tricks. I'm from Sweden. Take care and have a lovely day!
Keep in mind that a VPN is going to bypass this
Nice thing. To stop a computer from using the DNS 8-8-8-8, make an entry in your hosts file to block it there, and your OpenDNS should always take effect on this device. I have not tested it yet - but I think it should work. I will try it later. Thanks for sharing - To keep my mom and dad secure from any kind of bad things. ^^
Cool, a new episode! I wonder who today's sponsor is.
Well, my ASUS router with Asuswrt-Merlin firmware has an option "Prevent client auto DoH", where DoH stands for DNS over HTTPS. This is exactly the protocol used when you enable Secure DNS in a browser. I did not actually test this feature, because I have no need for it, but I always knew it was there. To my mind, a certain amount of modern routers should have this feature available.
It doesn't work to prevent anyone from manually enabling DoH in the browser, so it is pretty much useless.
it worked thank you
I use a Palo Alto VM Firewall and block all DNS traffic on the network, then place an allow rule at the top and allow specific DNS servers; that way they can use any other DNS servers and it also blocks DNS tunneling used by some apps. I also do SSL decryption on all the kids' PCs.
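A way to check the policy described in the comment above (all DNS blocked except specific allowed servers) against observed traffic, as an added example that is not part of the original comments: the script flags LAN clients that send DNS or DNS-over-TLS to anything but the allowed resolver, or HTTPS to a well-known public resolver address. The LAN range, the resolver address 192.168.1.2, the flow-record format and the sample flows are assumptions constructed for the illustration.

```python
"""Audit flow records for DNS traffic that bypasses the filtering resolver."""
import ipaddress
from collections import defaultdict

# Assumptions for this example: the LAN range and the one resolver clients may use.
LAN = ipaddress.ip_network("192.168.1.0/24")
ALLOWED_RESOLVERS = {ipaddress.ip_address("192.168.1.2")}
# Well-known public resolver addresses that also answer DoH on port 443.
PUBLIC_RESOLVERS = {ipaddress.ip_address(a) for a in
                    ("8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9")}

# Constructed sample input: "src dst proto dport", one flow per line.
SAMPLE_FLOWS = """\
192.168.1.50 192.168.1.2 udp 53
192.168.1.51 8.8.8.8 udp 53
192.168.1.51 8.8.8.8 tcp 443
192.168.1.52 1.1.1.1 tcp 853
192.168.1.53 93.184.216.34 tcp 443
192.168.1.2 9.9.9.9 udp 53
not a flow line
"""

def classify(src, dst, proto, dport):
    """Return a finding label for one flow, or None if it follows the policy."""
    if src not in LAN or src in ALLOWED_RESOLVERS or dst in ALLOWED_RESOLVERS:
        return None  # not a LAN client, the resolver itself, or a permitted query
    if dport == 53 and proto in ("udp", "tcp"):
        return "plain-dns-bypass"   # classic DNS sent past the filter
    if dport == 853 and proto == "tcp":
        return "dot-bypass"         # DNS over TLS
    if dport == 443 and dst in PUBLIC_RESOLVERS:
        return "possible-doh"       # HTTPS to a resolver address, likely DoH
    return None

def audit(text):
    """Parse flow lines and return {client_ip: sorted list of findings}."""
    findings = defaultdict(set)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # wrong field count
        try:
            src, dst = ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[1])
            dport = int(parts[3])
        except ValueError:
            continue  # malformed address or port
        label = classify(src, dst, parts[2].lower(), dport)
        if label:
            findings[str(src)].add(label)
    return {ip: sorted(labels) for ip, labels in findings.items()}

if __name__ == "__main__":
    for ip, labels in sorted(audit(SAMPLE_FLOWS).items()):
        print(ip, ", ".join(labels))
```

The "possible-doh" label only covers resolver addresses in the list; DoH to an unlisted endpoint looks like ordinary HTTPS at this layer.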
Thanks, Rich for the video.
Quick question.. what if the router you have is ISP-locked?
I doubt the ISP would like things changed on their routers.
Thanks!
Typically on those I would just put them in bridge mode and get yourself an aftermarket router. It will essentially render your ISP router as just a modem and you would use the Wi-Fi and routing capabilities of your aftermarket router instead.
@CyberCPU Thanks! Rich
Till the next video.
Will this work with a Starlink router? Thanks
I find a solution on a RaspberryPi, for example Unbound plus Pihole, more useful, as it works with more routers.
I think exposing your kids to Disney is probably as bad as if not worse than pr0n
LOL, When I was a kid my grandmother would let my sister and I watch all sorts of crazy stuff: Rambo slaying hordes of baddies, Van Damme breaking necks, even movies or shows with LGBT themes; movies with nudity, cursing, drugs... No Problem. Disney, though, was absolutely not allowed. She said it was "Straight from Satan" "The height of racist evil" etc. While I'm not so hardline with it, as I got older it was not so hard to understand where she was coming from.
What is so bad about Disney?
In the early days of the internet, if you clicked no when pr0n sites asked if you were 18, you got redirected to Disney's website.
Cause he thinks it's 'woke'.
He's a pathetic conservative snowflake
@bobkozlarekwa2sqq59
I salute you I stopped watching anything from Disney
The WRT 54G was SO BAD to use, I HATED it, I had to CONSTANTLY reboot the darn thing at LEAST once a month, not ONLY that, it NEVER gave me its fullest capable speed AND it dropped packages all the time, making the internet STUPIDLY unstable and it all went away when I switched to some D-Link I can't remember which, since then, in my eyes Linksys is and FOREVER WILL be the bane of my existence, same goes for Cisco home routers, the rack mounted ones are amazing though.
Only ever had ANY consistency with D-Link home routers.
In today's world, you should absolutely block Disney.
why?
26:58 what about blocking the google dns ip as one of the rules in your opendns settings?
A staggering number of parents do not use a parental filter on their kids' computers. Not to be a spoilsport, but what this means is that blocking your kids is basically pointless when all it takes is for them to have a friend/classmate who has an unblocked device.
Yes, that is a good point. I am not a parent, but if I was, I would rather have a high level of trust between my children and me than finding the desire to block information from them. In addition, I would be more concerned with them posting inappropriate pictures of themselves online, sending inappropriate content to others, and communicating with potential predators than passively watching content that others make. These concerns would require trust and communication, and blocking sites would not be very helpful in this regard.
I use Next DNS and it even blocks ads on the dns level.
9:59 Huawei modem is not allowed to change dns address
At this point, if you live in any country, other than China, you probably should not be using any cellular, internet or wifi connected Huawei products anymore.
I don't think you have to worry about your wife. She will just see the generic error message and be even more clueless than the kids.
Using UDM-Pro/Pihole/Adguard Home problem solved, but the cost is a bit higher than a DD-WRT. Only Pihole and Adguard resolve DNS
Use mikrotik then/pihole very cheap
Correct me if I'm wrong, but you can bypass this with hosts file. It has a priority over DNS.
Also at 7:52 ERR_CERT_AUTHORITY_INVALID is a huge red flag. Why does it force its own certificates on you instead of giving an "unable to resolve" error?
It's going to give you a site blocked page rather than just not resolving. Prevents confusion - is the site down or blocked.
Obviously the cert on the internal site blocked page isn't going to have a SAN matching the blocked site, hence the cert warning.
Cert authority means they did a redirection (DNS poisoning) to their own DNS. You can try using DoH to bypass that
Our Provincial government got hacked a few months ago(certain departments) and now a 5 factor. 😱🤣🤣🤣
Yo brother, hope you are well ...
Listen, I got a problem with my RAM, like I tried everything to fix this 16GB RAM but only 10GB is usable and I can't seem to fix the problem and I tried everything
Do you maybe know what I could do?
You think that password requirement is crazy - for almost 20 years I had a plain lowercase 5 character password to ups - then about a year ago they made me change it and they require the longest password I have ever seen - 12 characters
Quit giving me bad ideas my wife does have Facebook. 😂
Apparently I have 3 firewalls - Modem (wired), Bitdefender and Windows Security is on.
Raspberry Pi 4B 4GB running AdGuard in DNS Forwarding mode. Doesn't matter if my ISP IP address changes. Bypass ISP entirely.
Can someone help me enable secure boot? It's just stuck on disable, I can't change it.
@eenblatigerdenblatiger1622 From Easus website... (No affiliation)
Why can't I enable Secure Boot?
Your system might be using outdated UEFI firmware that doesn't support a secure boot option. Also, it might be possible that this option isn't enabled in UEFI firmware settings. If any of these issues are there in your system, you will not be able to see the secure boot option in BIOS. Jan 11, 2024
On your Windows 10 and 11 won't work. Help you Fix Video. Do I lose my files? Hello sir. Are my previous files kept and saved? I don't want to lose them. I know you don't check past videos but please let me know.
Please make a video on disk, my disk is always at 100%, please help
What about for linux users?
Can kids use a VPN to get around this?
Yes, you need to block the default DNS port 53 and block VPN ports like
OpenVPN - 1194 TCP/UDP
PPTP - 1723 TCP/UDP
L2TP - 1701 UDP
Cisco IPsec - 1293 TCP/UDP, 500 TCP/UDP
IPsec/IKEv2 - 500 TCP/UDP
IPsec Nat Traversal - 4500 UDP
SOCKS proxy - 1080 TCP
I'm trying to block them in a TP-Link router; if it works I will tell you
I blocked inappropriate content to my kids, and it worked until they discovered public VPNs. VPN clients pass by DNS blocks, and all my efforts are useless now. Any ideas?
Also enable anti hidden feature on OpenVPN to block vpn
@SametKaratas-db1xu gibberish
What if you used the 587 TLS port? Will it work as well? 16:04
587 is for client submission of email using explicit TLS, so no.
@incandescentwithrage thanks
I can think of a very good reason to block humour. When you look at the number of unfiltered videos on YouTube alone, where every swear word and profanity is available to all children, with zero moderation by YouTube, then you can understand some parents needing to take matters into their own hands, which sadly restricts some child friendly content. It is ironic that it is adults that are responsible for such irresponsibility.
I am not a parent, but I do have a nephew. When he was elementary school age, my nephew liked to watch gaming videos on YouTube, but many of these videos contained profanity. However, he was told that he was permitted to watch these videos, but he was not allowed to use obscene language himself. He was admonished that if he did use this inappropriate language, then he would be no longer allowed to watch these videos. He is now 15 years old and he does not use profanity, at least at home.
Rather than blocking content, it would probably be better for parents to explain why certain things seen in videos, movies, etc. should not be emulated. After all, the average child probably hears swear words from his/her peers at school and content filtering would not solve this type of exposure.
Too bad there's nothing to stop cell phone data
I guess technically what you can do there is drain all the data on the SIM card so that the children can only use the internet via the home network.
"..the only flaw with opendns".. lol. only need 1 flaw kids.
323th view
I’m 424th view
promote non-chromium browsers, shun chrome-trash.
3th comment
1st comment..😎😎
@crisbalgreece also first reply and this one is second reply
@Sophia-go3cs
Secondary first comment & reply ..noice..🤪🤪😂😂